VDB
CVE-2026-10706
CVE-2026-10706
PUBLISHED
CVSS 7.5 HIGH
Reported by certcc · Published July 8, 2026
In Adalo’s no-code app builder, (Versions 1 and 2) the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing sensitive information to be exposed to unauthorized parties.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adalo No-Code App Builder | App Builder | 1 |
| Adalo No-Code App Builder | App Builder | 1, 1 |
Timeline
- Jul 8, 2026 CVE Published
- Jul 9, 2026 EPSS Score
- Jul 9, 2026 Coalition ESS Score
- Jul 9, 2026 Security Advisory
- Jul 9, 2026 CVE Updated